Re: Achieving trusted TLS connection

2018-01-31 Thread Viktor Dukhovni
> On Jan 31, 2018, at 4:12 PM, Bastian Blank wrote: > > On Wed, Jan 31, 2018 at 03:31:08PM -0500, Viktor Dukhovni wrote: >> Is "SwissSign Silver CA - G2" included in your "ca bundle"? > > Also, is this server known to provide a client cert?

Re: Achieving trusted TLS connection

2018-01-31 Thread Danny Horne
On 31/01/2018 9:12 pm, Bastian Blank wrote: > On Wed, Jan 31, 2018 at 03:31:08PM -0500, Viktor Dukhovni wrote: >> Is "SwissSign Silver CA - G2" included in your "ca bundle"? > Also, is this server known to provide a client cert? > > Bastian > Not sure about 'provide', but the following shows it

Re: Achieving trusted TLS connection

2018-01-31 Thread Bastian Blank
On Wed, Jan 31, 2018 at 03:31:08PM -0500, Viktor Dukhovni wrote: > Is "SwissSign Silver CA - G2" included in your "ca bundle"? Also, is this server known to provide a client cert? Bastian -- There's another way to survive. Mutual trust -- and help. -- Kirk, "Day of the Dove",

Re: Achieving trusted TLS connection

2018-01-31 Thread Viktor Dukhovni
> On Jan 31, 2018, at 2:46 PM, Danny Horne wrote: > > I didn't think achieving an inbound trusted TLS connection required > DANE, merely a trusted certificate (which was verifiable through my > trusted CA file). > > Maybe I misunderstood the documentation. I see, sorry, I

Re: Achieving trusted TLS connection

2018-01-31 Thread Danny Horne
Thanks for the reply, I didn't think achieving an inbound trusted TLS connection required DANE, merely a trusted certificate (which was verifiable through my trusted CA file). Maybe I misunderstood the documentation

Re: Achieving trusted TLS connection

2018-01-31 Thread Viktor Dukhovni
> On Jan 31, 2018, at 1:14 PM, Danny Horne wrote: > > I've read what Postfix documentation I can find on the subject, and I > don't understand why I'm seeing untrusted connections rather than > trusted. I'm using an account at mailbox.org for testing purposes, they > use

Achieving trusted TLS connection

2018-01-31 Thread Danny Horne
Hi all, I've read what Postfix documentation I can find on the subject, and I don't understand why I'm seeing untrusted connections rather than trusted. I'm using an account at mailbox.org for testing purposes, they use DNSSEC / DANE for their server (as do I), and I see a verified connection

Re: Duplicate email troubleshooting

2018-01-31 Thread Matus UHLAR - fantomas
On 30.01.18 08:55, Asai wrote: I'm running into an issue with a mailbox that also has aliases assigned to it. On Jan 30, 2018, at 9:21 AM, Matus UHLAR - fantomas wrote: please avoid HTML mail. e.g. u...@domain.net has alias u...@domain.net, us...@otherdomain.net, and

Re: Configure Postfix for High Volume

2018-01-31 Thread Viktor Dukhovni
> On Jan 31, 2018, at 9:53 AM, Stephen Satchell wrote: > > Can you characterize the distribution of your mail delivery? In other words, > if you take each mailpiece, determine the MX, and collate the results, do you > have a lot of mail going to relatively few endpoints,

Re: Configure Postfix for High Volume

2018-01-31 Thread Stephen Satchell
On 01/30/2018 06:44 PM, Tech Gurus wrote: Just checking back if there is a recommendation to increase outbound mail delivery. One additional thought: have you thought about punting the problem, and configuring Postfix to use a smarthost on a contracted mail service? One that cares about

Re: Configure Postfix for High Volume

2018-01-31 Thread Stephen Satchell
On 01/30/2018 06:44 PM, Tech Gurus wrote: Just checking back if there is a recommendation to increase outbound mail delivery. Can you characterize the distribution of your mail delivery? In other words, if you take each mailpiece, determine the MX, and collate the results, do you have a lot

Re: Two different IP for one mx

2018-01-31 Thread jin
Ok, I already started a discussion with the ISP and they obviously have no idea what they are doing. However, they did not provide any effort to fix this setup. I'm still waiting. Maybe it is the time to find a proper ISP and replace with it. 2018-01-31 17:00 GMT+03:00 Bill Cole <

Re: Two different IP for one mx

2018-01-31 Thread Bill Cole
On 30 Jan 2018, at 6:07 (-0500), jin wrote: Yes I saw connections coming from 172.27.203.20 and it was me. I believe this setup is not fit for mail servers. Absolutely true. 3 widespread ISP tactics that make a network unfit for an Internet-facing MTA: 1. DNS hijacking 2. Firewall or

Re: python-policyd-spf doesn't check mail from my own domain

2018-01-31 Thread Dominic Raferd
On 31 January 2018 at 09:48, li...@lazygranch.com wrote: > > I'm at a loss on the HELO_reject = False. Why wouldn't you use the > default "fail". I use opendmarc to pass or fail emails, I never fail an email based only on SPF. That can lead to lots of false positives IMO.

Re: python-policyd-spf doesn't check mail from my own domain

2018-01-31 Thread li...@lazygranch.com
On Wed, 31 Jan 2018 07:43:17 + (UTC) Dominic Raferd wrote: > On 31 January 2018 at 03:44, li...@lazygranch.com > wrote: > > On Tue, 30 Jan 2018 10:50:18 + > > Dominic Raferd wrote: > > > >> On 30 January 2018 at

Re: Duplicate email troubleshooting

2018-01-31 Thread G
On 01/30/2018 06:21 PM, Matus UHLAR - fantomas wrote: On 30.01.18 08:55, Asai wrote: I'm running into an issue with a mailbox that also has aliases assigned to it. please avoid HTML mail. e.g. u...@domain.net has alias u...@domain.net, us...@otherdomain.net, and us...@otherdomain.net

Re: multi instance postfix with 2 IP address and 2 sending domains

2018-01-31 Thread Marat Khalili
On 31/01/18 00:38, Anvar Kuchkartaev wrote: Since TTL was 5 seconds propagation took not too long but without luck. Many DNS servers silently increase TTL if it's so small. Wait at least an hour to be sure. Might PTR be causing the issue because it is deprecated? Are you sure you cannot use "a"